CVE-2009-0507

Name of the Vulnerable Software and Affected Versions IBM WebSphere Process Server (WPS) versions 6.1.2 through 6.1.2.2 IBM WebSphere Process Server (WPS) versions 6.2 through 6.2.0.0

Description The issue allows remote authenticated users to obtain cleartext passwords, including JMSAPI, ESCALATION, and MAILSESSION (also known as mail session), by accessing a cluster member. This occurs because configuration data is not properly restricted during the export of the cluster configuration file from the administrative console.

Recommendations For IBM WebSphere Process Server (WPS) versions 6.1.2 through 6.1.2.2, update to version 6.1.2.3 or later. For IBM WebSphere Process Server (WPS) versions 6.2 through 6.2.0.0, update to version 6.2.0.1 or later.